{% if odcs_force_ssl %}
# Force SSL
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
{% endif %}

WSGIDaemonProcess odcs user=apache group=apache processes={{wsgi_procs}} threads={{wsgi_threads}}
WSGIScriptAlias /{{ odcs_endpoint }} /usr/share/odcs/odcs.wsgi

{% if env == 'staging' %}
OIDCOAuthClientID {{ odcs_stg_oidc_client_id }}
OIDCOAuthClientSecret {{ odcs_stg_oidc_client_secret }}
OIDCOAuthIntrospectionEndpoint https://id.stg.fedoraproject.org/openidc/TokenInfo
{% else %}
OIDCOAuthClientID {{ odcs_prod_oidc_client_id }}
OIDCOAuthClientSecret {{ odcs_prod_oidc_client_secret }}
OIDCOAuthIntrospectionEndpoint https://id.fedoraproject.org/openidc/TokenInfo
{% endif %}

OIDCOAuthIntrospectionEndpointAuth client_secret_post
OIDCOAuthIntrospectionEndpointParams token_type_hint=Bearer

<Directory /usr/share/odcs>
    WSGIProcessGroup odcs
    WSGIApplicationGroup %{GLOBAL}

    <RequireAll>
        {% if odcs_allowed_named_hosts or odcs_allowed_hosts %}
        <RequireAny>
            Require method GET POST DELETE
            {% if odcs_allowed_named_hosts %}
            {{ 'Require host ' ~ odcs_allowed_named_hosts|join(' ') }}
            {% endif %}
            {% if odcs_allowed_hosts %}
            {{ 'Require ip ' ~ odcs_allowed_hosts|join(' ') }}
            {% endif %}
        </RequireAny>
        Require all granted
        {% else %}
        AuthType oauth20
        <Limit GET HEAD OPTIONS>
            Require all granted
        </Limit>
        <Limit POST PATCH PUT DELETE>
            Require valid-user
        </Limit>
        {% endif %}
    </RequireAll>
</Directory>

Alias "/composes" "{{ odcs_target_dir }}"
<Directory {{ odcs_target_dir }}>
    {% if odcs_allowed_named_hosts or odcs_allowed_hosts %}
    <RequireAny>
        Require method GET
        {% if odcs_allowed_named_hosts %}
        {{ 'Require host ' ~ odcs_allowed_named_hosts|join(' ') }}
        {% endif %}
        {% if odcs_allowed_hosts -%}
        {{ 'Require ip ' ~ odcs_allowed_hosts|join(' ') }}
        {% endif %}
    </RequireAny>
    {% else %}
    Require all granted
    {% endif %}

    Options +Indexes
</Directory>
